fkasler/phishmonger

Unsure how to configure Phishing links

Closed this issue · 3 comments

ontinternet commented

Hi, thanks for all your help with sending SMTP, this is now working, Firstly I would like to say that this is an amazing application and I really want to get full use from it.
I do have some questions though if you have time to answer them?
Basically I need a short how to guide?

  1. I set up using flik with no errors and using Gandi api key (Gandi domain name) and when I use the dkim option - dkim is still not being set dkim=fail (no key for signature)
  2. Do I need to setup an html landing page for my phishing url (like Gophish does) - does Phishmonger support this - and if so where do I create this? - I am not sure of the workflow required here.
  3. I guess that to trigger the humble chameleon to man in the middle I send 'victim; to the search string set in Humble Chameleon (ID Parameter Name optoion in Flik).
  4. Humble Chameleon is configured to send to Phishmonger /create_event - there is no create_event page in the Phishmonger pages (I was expecting this to be under /resources/pages ?
  5. I have tried a full install of humble chameleon (just to see and differences) as the one Flik installs is very small and has no index.js to run (I am guessing all the functionality is in phishmonger. The only thing I noticed when I ran index.js for humble chameleon - is I can then see humble chameleon blocking sites (as it's supposed to do) which is great - is this information supposed to be sent to the area I refer to in point 4?

So in summary I have Phishmonger installed and working, but I am missing some configurations to get a phishing link to work from the email that gets sent out - and then captured in Humble Chameleon. The potential of using this framework I think has so many advantages over GoPhish and Evilginx, and I would really like to get this working as my main application when I do Phishing simulations. Thanks for any help.

ontinternet commented

I have figured most of the above out - so I will close this issue now (points 2,3,4,and 5) - I am still having some trouble configuring a few things like the dkim, but I will try to work out what is happening. This is a very cool application, massive kudos to you for developing.

fkasler commented

Yea sorry I don't really have a wiki yet. Would love some help with that if you want to send me a PR ;)

ontinternet commented

I can email you some stuff (I am not 100% it's correct, so will need you to check it out) but let me know. - I am still having skim issues though, everything has been generated on the server - but the email header says no dkim??